PT-2021-17256 · Xterm+8 · Xterm+8

Tavis Ormandy

Published

2021-02-10

Updated

2024-06-15

CVE-2021-27135

CVSS v3.1

9.6

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: xterm versions before Patch #366

Description: The issue allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. This can potentially lead to unspecified other impacts.

Recommendations: For xterm versions before Patch #366, apply Patch #366 to resolve the issue. As a temporary workaround, consider restricting the use of crafted UTF-8 combining character sequences until the patch is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALSA-2021:0611

ALT-PU-2021-1391

ALT-PU-2021-1403

ALT-PU-2021-1407

AZL-7454

CESA-2021_0611

CESA-2021_0617

CVE-2021-27135

DLA-2558-1

DLA-2558-2

MGASA-2021-0094

OESA-2021-1091

OPENSUSE-SU-2021:0900-1

OPENSUSE-SU-2021:2011-1

OPENSUSE-SU-2021_0900-1

OPENSUSE-SU-2021_2011-1

OPENSUSE-SU-2024:11527-1

RHSA-2021:0611

RHSA-2021:0617

RHSA-2021:0650

RHSA-2021:0651

RHSA-2021_0611

RHSA-2021_0617

RLSA-2021:0611

SUSE-SU-2021:14747-1

SUSE-SU-2021:2011-1

SUSE-SU-2021:2013-1

SUSE-SU-2021:2014-1

SUSE-SU-2021_14747-1

SUSE-SU-2021_2011-1

SUSE-SU-2021_2013-1

SUSE-SU-2021_2014-1

USN-4746-1

Affected Products

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Xterm

PT-2021-17256 · Xterm+8 · Xterm+8

CVE-2021-27135

Related Identifiers

Affected Products

References · 62